Mobile malware is on the increase and the purpose of almost all of it is to generate income for cybercriminals.
Some malware can monitor devices for banking transactions, gathering sensitive details like passwords and account numbers. Quite common is malware that causes a device to send out SMSes to premium-rate numbers and these costs are charged to the user’s account.
“The risk to you as a mobile user is obvious, fraud. If you are using your device for work, such as sending and receiving emails or accessing the corporate network and you don’t take adequate security precautions, you are putting the company’s network and data at risk. The risks include fraud, compromise of data security, data theft and reputational damage. Very often, it is device users who are their own worst enemies,” says Michael Morton, mobile security expert at Securicom.
He says mobile devices are like computers and need to be protected in the same way. For companies, an effective mobile management solution has become essential for mitigating malware related risks and protecting data generated, stored and shared on mobile devices.
Morton offers this advice for mobile device end users:
1. Only download applications from reputable sites recommended by your operating system provider. Understand that applications or games downloaded from third party stores or websites could be malicious.
2. Install a mobile security application. There are many forms of free Anti-virus applications that can be downloaded from the apps stores. These applications will scan your device and applications and report on any malicious or suspect behaviour.
3. Use a personal Firewall. This will be the same as a Firewall sitting at your office. You can use the Firewall to disable all ports on your device, only opening the ones you know are being used.
4. Make sure that you have the latest version of an application on your device. With each new version of an application certain features, both security and interface, are addressed and updated.
5. Try to avoid free, over-the-air WiFi networks as these for the most part or not secure. If you use free WiFi at an airport or restaurant, you could put your device at risk of malware.
6. Never access your company’s corporate network from a free WiFi hotspot. Only use your company’s VPN to access corporate data, if there is one available.
7. Use a strong complex password for both your device and your SIM card. This makes the access to your device more difficult in the event that your device is lost or stolen.
8. Never attempt to “jailbreak” your device. “Jailbreaking” is the process of removing the security limitations imposed by the operating system vendor. To “jailbreak” or to “root” means to gain full access to the operating system and features. This also means breaking the security model and allowing all apps, including malicious ones, to access your data.
9. Keep your device’s operating system up to date. Without the ability to update your operating system, your device is vulnerable to potential exploits. Research mobile providers and handset manufacturers to know which ones apply updates and which don’t.
10. Never click on links in mails you open on your devices. These could be phishing mails which could put your device at risk.